2. Define your applicable framework(s)

To frame your environment effectively, one of the first steps is to identify which framework(s) apply to your organisation.

As discussed in the previous section, you may consider four main categories of frameworks:

Organisational Frameworks (for example NIST CSF, ISO/IEC 27001)

Sector-Specific or Contractual Frameworks (for example HIPAA, PCI DSS)

Compliance Frameworks (for example GDPR, FISMA, HIPAA)

Specialised Cybersecurity Frameworks (for example IEC 62443, NIST SP 800-161, NIST SP 800-61)

While compliance and sector-specific frameworks are often mandatory for regulatory or contractual reasons, discretionary controls in other frameworks can still address unique risks and enhance overall security.

CSFaaS offers a range of pre-configured frameworks designed to help organisations meet specific security and compliance requirements, each featuring tailored controls and guidelines to streamline cybersecurity efforts and support regulatory alignment.